Marc Wäckerlin
Für eine libertäre Schweiz

Backup Ubuntu to Docker

April 8, 2018

Setting up a server for backing up your ubuntu home, e.g. from your notebook, is a task, done in just ten minutes. All you need is a publicly available server running docker.


  • server:
    • either running normal local docker
    • or running docker swarm, kubernetes, openshift, …
      • with persistent volumes
    • enough free disk space for your backups
    • for authentication: OpenLDAP
      • alternatively you can use ssh key exchange
  • client:
    • ubuntu

Server Installation

Just run an ssh server as instance of mwaeckerlin/ssh, that connects to your instance of openldap in mwaeckerlin/openldap. Install openlap according to Setup OpenLDAP Server in Docker. You may use a different port instead of 22 for ssh, if port 22 is already in use. In this example, I use port 222. Remember to pass the port from the internet through your router and firewall. My persistent volumes are built with lizardfs and mounted to /srv/voliumes. In LAM create a system user for bind, e.g. named cn=backup-bind,ou=system,ou=people and set a secret password, e.g. yourSecretPassword.

Plain Old Docker

Just connect to your ldap instance and pass bind login and relative user and group distinguish names. The base distinguish name is built from the ldap server’s DOMAIN environment variable:

docker run -d --restart unless-stopped --name backup \
           -p 222:22 \
           -v /srv/volumes/backup:/home \
           -e 'LDAPBASEUSERDN=ou=person,ou=people' \
           -e 'LDAPBASEGROUPDN=ou=group' \
           -e 'LDAPBINDDN=cn=backup-bind,ou=system,ou=people' \
           -e 'LDAPBINDPW=yourSecretPassword' \

Docker Swarm

Use a yaml file similar to this:

version: '3.3'

    image: mwaeckerlin/ssh
      - 222:22
      - type: bind
        source: /srv/volumes/backup
        target: /home
      - 'LDAPURI=ldap://your-local-ldap-server'
      - 'LDAPBASE=dc=your,dc=domain,dc=com'                                                                                                
      - 'LDAPBASEUSERDN=ou=person,ou=people'                                                                                      
      - 'LDAPBASEGROUPDN=ou=group'                                                                                                
      - 'LDAPBINDDN=cn=backup-bind,ou=system,ou=people'                                                                           
      - 'LDAPBINDPW=yourSecretPassword'

Client Installation

On client side, first create a secret ssh key, then configure passwordless key login with your server:

ssh-keygen -b 4096
ssh-copy-id -p 222
ssh -p 222

To backup, I use déja-dup, the standard backup program of the ubuntu distribution. So just install it:

sudo apt-get install deja-dup deja-dup-backend-gvfs

Then from the starter run the program backups.

Configure your folders to save and to ignore, setup your desired scheduling, then configure the storage location, chose ssh and set your parameters:

Switch it on and stat the initial backup from the overview.